16 matches found
EUVD-2018-1049
Malware in sbrugna...
EUVD-2000-0038
Malware in sbrugna...
CVE-2019-14656
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account with a password of user can make admin requests via HTTP...
CVE-2020-14487
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands...
CVE-2020-14487 OpenClinic GA
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands...
CVE-2020-14487
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not turned it off, potentially allowing an attacker to login and execute arbitrary commands. The issue is discussed across multiple sources, with ICS advisories indicating remote exploitation...
CVE-2018-17919
CVE-2018-17919 is supported by connected sources: XMeye P2P Cloud Server devices expose an undocumented user account named “default” with its default password, enabling login to view video streams. Multiple sources (ICSA, CNVD, SEC Consult / PACKETSTORM advisories, CVE listings) confirm this issu...
Cisco Prime Data Center Network Manager 10.1.x < 10.2.1 Multiple Vulnerabilities (remote check)
According to its self-reported version number, the Cisco Prime Data Center Network Manager DCNM installed on the remote host is 10.1.x prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the role-based access control RBAC...
Cisco Prime Data Center Network Manager 10.1.x < 10.2.1 Multiple Vulnerabilities
According to its self-reported version number, the Cisco Prime Data Center Network Manager DCNM installed on the remote host is 10.1.x prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the role-based access control RBAC...
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all versions - by manipulating the httpd config files to trick the...
HP ThinPro OS Configuration Default User Account Vulnerability
HP ThinPro OS is a thin client operating system. A default account exists for HP ThinPro OS, which allows remote attackers to exploit a vulnerability to gain unauthorized access to the device...
CVE-2003-1457
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access...
IBM Websphere Commerce Database Update Information Disclosure
The remote host is running a version of IBM Websphere Commerce that may allow potentially confidential information to be accessed through the default user account. An attacker, exploiting this flaw, would only need to be able to make standard queries to the application server. %NASLMINLEVEL 70300...
CVE-2000-0038
glFtpD includes a default glftpd user account with a default password and a UID of 0...